On Wed, 15 Mar 2000, Wade L. Scholine wrote:
> From: Wade L. Scholine <[EMAIL PROTECTED]>
> To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
> Subject: RE: demos/ssl/serv.cpp
>
Thank you for the reply.
I know that the demo's are intended to be minimal SSL programs. There is
just a part of them that I can not get to work.. The line:
client_cert = SSL_get_certificate( ssl );
in serv.cpp always fails. I want to know how can I make that one line
work?
Now why would I want to use that cert if I can use the functions you have
specified in the e-mail? Maybe I want to be able to verify the clients
cert against a hardcoded cert/CA in the program?
I have looked at those functions and tried them, but then I get messages
saying that the client did not provide a key to verify.
Robert Sandilands
> The demos are intended to be *minimal* SSL programs. If it had client
> verification it wouldn't be minimal anymore, now, would it? If you want to
> see how client authentication works, examine apps/s_server.c and look at
> what happens when you specify -verify. Keep an eye open for
> SSL_CTX_set_verify(), SSL_CTX_load_verify_locations(), and
> SSL_CTX_set_client_CA_list(). Have fun.
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, March 14, 2000 9:31 AM
> > To: [EMAIL PROTECTED]
> > Subject: demos/ssl/serv.cpp
> >
> > I'm trying to implement a ssl client/server class in Borland
> > C++ Builder
> > based on openssl 0.9.5 and the example in demos/ssl/serv.cpp and
> > demos/ssl/cli.cpp.
> >
> > If I use openssl.exe with the command line:
> >
> > openssl s_client -connect localhost:443 -cert z:\robert.crt -key
> > z:\robert.key
> >
> > and the serv.exe program then the server app does not get any
> > key from the
> > client. If I run openssl with the s_server parameter it does get a key
> > form the client. I've tried figuring out what is happening in
> > apps/s_server.c but I have to admit to being confused by it.
> >
> > So the question: What do I have to do to serv.cpp to convince it to
> > request a key from the client?
> >
> > Thank you.
> >
> > Robert Sandilands
> >
> > ______________________________________________________________________
> > OpenSSL Project http://www.openssl.org
> > User Support Mailing List [EMAIL PROTECTED]
> > Automated List Manager [EMAIL PROTECTED]
> >
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
